cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-34692,https://securityvulnerability.io/vulnerability/CVE-2024-34692,"Attackers Can Upload Arbitrary Files, Including Executables, Leading to Limited Impact on Confidentiality and Integrity","Due to missing verification of file type or content, SAP Enable Now allows an authenticated attacker to upload arbitrary files. These files include executables which might be downloaded and executed by the user which could host malware. On successful exploitation an attacker can cause limited impact on confidentiality and Integrity of the application.",SAP,SAP Enable Now,4.6,MEDIUM,0.00044999999227002263,false,,false,false,false,,,false,false,,2024-07-09T04:43:05.361Z,0
CVE-2024-39596,https://securityvulnerability.io/vulnerability/CVE-2024-39596,Authorization Checks Bypass Leads to Limited Impact on Confidentiality,"Due to missing authorization checks, SAP Enable Now allows an author to escalate privileges to access information which should otherwise be restricted. On successful exploitation, the attacker can cause limited impact on confidentiality of the application.",SAP,SAP Enable Now,4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-07-09T04:25:57.251Z,0
CVE-2023-36920,https://securityvulnerability.io/vulnerability/CVE-2023-36920,Clickjacking vulnerability in SAP Enable Now,"In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-FRAME-OPTIONS response header is not implemented, allowing an unauthenticated attacker to attempt clickjacking, which could result in disclosure or modification of information.",SAP,SAP Enable Now,6.1,MEDIUM,0.000750000006519258,false,,false,false,false,,,false,false,,2023-10-30T17:15:00.000Z,0
CVE-2023-36918,https://securityvulnerability.io/vulnerability/CVE-2023-36918,Cross-Site Scripting vulnerability in SAP Enable Now,"In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the X-Content-Type-Options response header is not implemented, allowing an unauthenticated attacker to trigger MIME type sniffing, which leads to Cross-Site Scripting, which could result in disclosure or modification of information.",SAP,SAP Enable Now,6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2023-33988,https://securityvulnerability.io/vulnerability/CVE-2023-33988,Cross-Site Scripting vulnerability in SAP Enable Now,"In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Content-Security-Policy and X-XSS-Protection response headers are not implemented, allowing an unauthenticated attacker to attempt reflected cross-site scripting, which could result in disclosure or modification of information.",SAP,SAP Enable Now,6.1,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2023-36919,https://securityvulnerability.io/vulnerability/CVE-2023-36919,Information Disclosure in SAP Enable Now,"In SAP Enable Now - versions WPB_MANAGER 1.0, WPB_MANAGER_CE 10, WPB_MANAGER_HANA 10, ENABLE_NOW_CONSUMP_DEL 1704, the Referrer-Policy response header is not implemented, allowing an unauthenticated attacker to obtain referrer details, resulting in information disclosure.",SAP,SAP Enable Now,5.3,MEDIUM,0.0009200000204145908,false,,false,false,false,,,false,false,,2023-07-11T03:15:00.000Z,0
CVE-2022-35297,https://securityvulnerability.io/vulnerability/CVE-2022-35297,Stored Cross-Site Scripting Vulnerability in SAP Enable Now,"SAP Enable Now has a vulnerability arising from inadequate encoding of user-controlled inputs during network transmission. This flaw allows attackers to manipulate the content delivered to other users, leading to a Stored Cross-Site Scripting (XSS) scenario. The unfiltered data can be leveraged to execute malicious scripts in the context of an unsuspecting user’s session, potentially compromising the confidentiality, integrity, and availability of affected systems. Organizations using SAP Enable Now should prioritize the implementation of proper input encoding practices to mitigate this risk.",SAP,SAP Enable Now,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2022-10-11T00:00:00.000Z,0
CVE-2022-35293,https://securityvulnerability.io/vulnerability/CVE-2022-35293,Insecure Session Management Vulnerability in SAP Enable Now,"The vulnerability in SAP Enable Now arises from inadequate session management practices, enabling unauthenticated attackers to exploit the system. This flaw permits unauthorized users to access and manipulate user accounts, presenting potential risks to user data confidentiality and application integrity. Successful exploitation can lead to unauthorized viewing or modification of sensitive user information.",SAP,SAP Enable Now Manager,9.1,CRITICAL,0.0019199999514967203,false,,false,false,false,,,false,false,,2022-08-10T20:15:00.000Z,0
CVE-2021-27637,https://securityvulnerability.io/vulnerability/CVE-2021-27637,Information Disclosure Vulnerability in SAP Enable Now by SAP,"An information disclosure vulnerability exists in SAP Enable Now (SAP Workforce Performance Builder - Manager), allowing unauthorized access to restricted information under specific conditions. This can lead to inadvertent exposure of sensitive data, enabling attackers to gain insights into confidential operations and processes. Organizations using affected versions should assess their security posture and apply relevant protective measures to mitigate potential risks.",SAP,SAP Enable Now (SAP Workforce Performance Builder - Manager),5.9,MEDIUM,0.0007399999885819852,false,,false,false,false,,,false,false,,2021-06-09T13:30:33.000Z,0
CVE-2020-6197,https://securityvulnerability.io/vulnerability/CVE-2020-6197,Insufficient Session Expiration in SAP Enable Now by SAP,"SAP Enable Now prior to version 1908 has a flaw in its session management where session tokens are not invalidated promptly. This allows an attacker with local access to potentially exploit the session and download sensitive portables, posing a significant risk to data security and user privacy.",SAP,SAP Enable Now,3.8,LOW,0.0004199999966658652,false,,false,false,false,,,false,false,,2020-03-10T20:17:58.000Z,0
CVE-2020-6178,https://securityvulnerability.io/vulnerability/CVE-2020-6178,Information Disclosure Vulnerability in SAP Enable Now by SAP,"SAP Enable Now prior to version 1911 exposes sensitive information due to the inappropriate handling of session identifiers. The Session ID cookie is transmitted in the URL, which can be inadvertently logged or accessed through browser histories. This flawed mechanism may allow unauthorized parties to exploit the exposed Session ID, potentially leading to information breaches and unauthorized access to protected resources.",SAP,SAP Enable Now,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2020-03-10T20:17:39.000Z,0
CVE-2019-0405,https://securityvulnerability.io/vulnerability/CVE-2019-0405,User Enumeration Vulnerability in SAP Enable Now,"SAP Enable Now prior to version 1911 suffers from a user enumeration vulnerability that allows unauthorized access to sensitive information. An attacker can exploit this flaw to glean details about the existence of specific users in the system, potentially leading to a broader compromise. By systematically querying the application, an attacker may construct a list of valid users, increasing the risk of targeted attacks and further exploitation.",SAP,SAP Enable Now,7.5,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-12-11T21:35:37.000Z,0
CVE-2019-0404,https://securityvulnerability.io/vulnerability/CVE-2019-0404,Information Disclosure Vulnerability in SAP Enable Now from SAP,"SAP Enable Now prior to version 1911 has a significant information disclosure vulnerability where sensitive network configuration details may be unintentionally exposed through server error messages. This leak can potentially provide attackers with insights into the internal network setup, which could be leveraged for further exploitation. It is critical for users to upgrade to the latest version to mitigate this risk.",SAP,SAP Enable Now,7.5,HIGH,0.0017800000496208668,false,,false,false,false,,,false,false,,2019-12-11T21:35:30.000Z,0
CVE-2019-0403,https://securityvulnerability.io/vulnerability/CVE-2019-0403,CSV Command Injection Vulnerability in SAP Enable Now by SAP,"SAP Enable Now versions prior to 1911 are susceptible to a CSV command injection vulnerability, whereby an attacker can insert malicious commands into CSV files. When these files are opened, the embedded commands are executed, potentially allowing unauthorized actions to be performed in the software environment. This vulnerability poses risks to data integrity and the security of the system.",SAP,SAP Enable Now,9.8,CRITICAL,0.004000000189989805,false,,false,false,false,,,false,false,,2019-12-11T21:35:26.000Z,0
CVE-2019-0385,https://securityvulnerability.io/vulnerability/CVE-2019-0385,Cross-Site Scripting Vulnerability in SAP Enable Now,"The vulnerability found in SAP Enable Now prior to version 1908 arises from inadequate encoding of user-controlled inputs. This flaw allows an attacker to inject malicious scripts into web pages viewed by users, compromising user sessions and potentially leading to data theft or unauthorized actions within the application.",SAP,SAP Enable Now,6.5,MEDIUM,0.0007200000109151006,false,,false,false,false,,,false,false,,2019-11-13T21:57:40.000Z,0
CVE-2019-0340,https://securityvulnerability.io/vulnerability/CVE-2019-0340,Missing XML Validation Vulnerability in SAP Enable Now,"The XML parser utilized in SAP Enable Now prior to version 1902 is not properly hardened, creating a potential for a Missing XML Validation vulnerability. This flaw allows attackers to exploit the file upload functionalities located at various points within the system, potentially enabling unauthorized access to local files through XML External Entity (XXE) attacks. As a result, sensitive information may be exposed if adequate security measures are not implemented.",SAP,SAP Enable Now,5.4,MEDIUM,0.000539999979082495,false,,false,false,false,,,false,false,,2019-08-14T13:51:45.000Z,0
CVE-2019-0341,https://securityvulnerability.io/vulnerability/CVE-2019-0341,Session Cookie Vulnerability in SAP Enable Now by SAP,"The session cookie utilized by SAP Enable Now, specifically in version 1902, lacks the HttpOnly flag. This oversight permits potential attackers to execute scripts within the application context, leading to unauthorized access to the session cookie. If compromised, this cookie could facilitate further access to the application, posing a significant security risk.",SAP,SAP Enable Now,8.8,HIGH,0.0010400000028312206,false,,false,false,false,,,false,false,,2019-08-14T13:50:44.000Z,0